Author Topic: IEXPLORE Virus  (Read 14011 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: IEXPLORE Virus
« Reply #15 on: July 10, 2011, 07:17:00 PM »
Run MBRCheck.exe once again.
 
You will be presented with the following dialog:
 
Quote
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 
Enter Y and press Enter.
 
The following dialog will be presented:
Quote
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
 
Enter your choice:

 
Enter 2 and press Enter
 
The following dialog will be presented:
 
Quote
Enter the physical disk number to fix (0-99, -1 to cancel):

 
Enter >>0<< and press Enter
 
The following dialog will be presented:
Quote

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
 
Please select the MBR code to write to this drive:

 
Enter >>1<<  and press Enter
 
The following dialog will be presented:
Quote
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

 
Type YES and press Enter (Must type the full word, YES). You will be informed if it successfully wrote a new MBR code!
 
And last the following dialog will be presented:
 
Quote
Done! Press ENTER to exit...

 
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
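
Added example, not part of the post above and not MBRCheck's own code: a small parser for MBR dump files, used to compare a dump taken before the fix with one taken after it and confirm that the boot code changed while the partition table stayed the same. It assumes the file written by option [1] is a raw copy of the disk's first 512-byte sector; the sample sectors in the code are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code area before the disk signature
TABLE_OFF = 446          # four 16-byte partition entries start here
SIG_OFF = 510            # 0x55 0xAA boot signature

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw MBR sector (assumed layout of the dump file)."""
    if len(sector) < SECTOR:
        raise ValueError(f"need {SECTOR} bytes, got {len(sector)}")
    sector = sector[:SECTOR]
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:   # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "table": sector[TABLE_OFF:SIG_OFF],
        "partitions": parts,
    }

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Summarise what changed between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_intact": a["table"] == b["table"],
        "signature_ok": b["signature_ok"],
    }

def constructed_sector(boot_fill: int) -> bytes:
    """Constructed sample: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return bytes([boot_fill]) * TABLE_OFF + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    # Replace the constructed sectors with open(path, "rb").read() of real dumps.
    print(compare_dumps(constructed_sector(0xCC), constructed_sector(0x90)))
```

If a later scan still reports a non-standard MBR and the boot code hash is back to its pre-fix value, the sector was rewritten after the fix.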

mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #16 on: July 10, 2011, 08:23:39 PM »
Attached is new MBR log. Note: TDSSKILLER still will not open

Offline essexboy

Re: IEXPLORE Virus
« Reply #17 on: July 10, 2011, 08:26:59 PM »
Could you reboot and run a further mbr check please

mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #18 on: July 10, 2011, 08:48:47 PM »
new mbr log attached

Offline essexboy

Re: IEXPLORE Virus
« Reply #19 on: July 10, 2011, 10:50:55 PM »
This has the appearance of the new TDL variant

Reboot the computer and press F8 to get to the safe mode menu
Once there select recovery console
At the command prompt type

FIXMBR

Accept the warning and then type  Exit

Reboot to normal windows and run mbrcheck again please

mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #20 on: July 10, 2011, 11:00:35 PM »
When I go to recovery console it says: "A disk read error occurred. Press ctrl+alt+del to restart" Pressing ctrl+alt+del does nothing. Gotta shut down computer manually by holding power button down.

Offline essexboy

Re: IEXPLORE Virus
« Reply #21 on: July 10, 2011, 11:16:35 PM »
OK this is the new variant - I will need to do a bit of reading on this. We may need to fix the MBR outside of Windows. Are you able to burn a CD?


mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #22 on: July 10, 2011, 11:18:02 PM »
I can burn a CD/DVD on my other computer.

Offline essexboy

Re: IEXPLORE Virus
« Reply #23 on: July 10, 2011, 11:27:56 PM »
Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :) 
  • Your system should now display a Reatogo desktop.
  • On the Reatogo desktop, double click MBRFix. A command prompt will be presented. Type the following commands and press Enter after each line:
C:
cd C:\
MbrFix /drive 0 fixmbr
Exit



mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #24 on: July 10, 2011, 11:56:59 PM »
When I typed the following in the command prompt: MbrFix /drive 0 fixmbr
I get the following error:
"MBRFIX is not recognized as internal or external command"

The Kitchen Sink

  • Guest
Re: IEXPLORE Virus
« Reply #25 on: July 11, 2011, 05:40:09 PM »
Just a small bit of info. There have been viral adverts that Mediafire occasionally use. Most likely by accident (I hope). But I thought Essexboy would want to know, as to avoid giving out this link to them. Not everyone has ad blockers.

Stay safe. Hope this issue of this thread is resolved =D

Offline essexboy

Re: IEXPLORE Virus
« Reply #26 on: July 11, 2011, 09:16:51 PM »
OK I have some further information on this now

Download aswMBR.exe ( 1.8mb ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
 
 
On completion of the scan click save log, save it to your desktop and post in your next reply


mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #27 on: July 12, 2011, 01:18:29 AM »
Attached new log.

As for MBRFix I think I might need to set an environment variable as changing the path to C:\ it won't recognize the command as it's not found but it does exist. I'm not really sure how to do it though.

Offline essexboy

Re: IEXPLORE Virus
« Reply #28 on: July 12, 2011, 07:46:22 PM »
Let's try this first and keep our fingers crossed as I have had two successes with this so far

Re-Run aswMBR 
 
Click Scan
 
On completion of the scan
 
Click the FIXMBR Button


 
Reboot and run a fresh aswMBR scan 
Save the log as before and post in your next reply

mishav13

  • Guest
Re: IEXPLORE Virus
« Reply #29 on: July 12, 2011, 11:11:29 PM »
new log attached